
Identifying Malicious Files On Autoruns


2 replies to this topic

#1 sinisterminister


Posted 12 February 2008 - 09:53 AM

Hello,

This is my first post on the forum as I just found it when searching Google for "how to get rid of trojans". Now you understand why I have come to this site.
My Norton antivirus program says that it has successfully eliminated them, but every startup, and especially when I boot Firefox, I run into problems: sometimes a little 'adware remover' web browser opens up prompting me to click it "to remove infected files". So it's messing with my computer and I'm trying to fix it.
I recently downloaded Autoruns to look for the trojan(s). Right now I'm scanning through files on my laptop (I'm using a different desktop to create this message). I just found a startup file in the Logon tab called "mode shim"; there is no description, the image path says the file is not found, and the file is named active glue.exe... This is by far the most suspicious startup file I found after following the instructions here: http://www.bleepingcomputer.com/tutorials/how-to-remove-a-trojan-virus-worm-or-malware/ ... I couldn't find this exe file in the database, so here I am posting...
Hope to hear from you soon,
Thanks a lot

Jeremy

Edited by sinisterminister, 12 February 2008 - 09:56 AM.




#2 hamluis


Posted 12 February 2008 - 11:34 AM

I suggest that you post your query at http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

Click on the New Topic button; those folks there probably have more assistance than can be garnered in this section of the website.

Thanks.

Louis

#3 usasma


Posted 12 February 2008 - 07:43 PM

I agree with hamluis, but would like to note that "Image file not found" means that the Autorun program can't find the file in that entry - so searching your hard drive should show you that it's gone (by not finding anything). It's likely a remnant from another virus that was removed, but the startup entry wasn't.
My browser caused a flood of traffic, so my IP address was banned. Hope to fix it soon. Will get back to posting as soon as I'm able.

- John (my website: http://www.carrona.org/ ) **If you need a more detailed explanation, please ask for it. I have the Knack.** If I haven't replied in 48 hours, please send me a message. My eye problems have recently increased and I'm having difficulty reading posts. (23 Nov 2017) FYI - I am completely blind in the right eye and ~30% blind in the left eye. If the eye problems get worse suddenly, I may not be able to respond. If that's the case and help is needed, please PM a staff member for assistance.
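
The situation described in the reply above, a startup entry that outlived the file it points to, can be checked across the registry Run keys with a read-only PowerShell script. This is an added example, not part of the original thread and not how Autoruns itself works; the key list and the function names `Get-ImagePath` and `Get-OrphanedRunEntry` are choices made for this example, and Autoruns inspects many more locations than these.

```powershell
# Added example: report Run/RunOnce entries whose target file is missing.
# Read-only; nothing is deleted or modified.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-ImagePath {
    param([string]$CommandLine)
    # Expand %SystemRoot%-style variables, then separate the image from its arguments.
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    # Quoted image path: "C:\Some Dir\app.exe" /switch
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted path that may contain spaces (such as "active glue.exe"):
    # take everything up to the first executable-style extension.
    if ($cmd -match '^(.+?\.(?:exe|com|bat|cmd|scr|dll))(?:[\s,]|$)') { return $Matches[1] }
    # Fallback: first whitespace-delimited token.
    return ($cmd -split '\s+')[0]
}

function Get-OrphanedRunEntry {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $regKey = Get-Item -LiteralPath $key
        foreach ($name in $regKey.GetValueNames()) {
            $command = [string]$regKey.GetValue($name)
            if ([string]::IsNullOrWhiteSpace($command)) { continue }
            $image = Get-ImagePath $command
            # A bare file name (no directory) is resolved through PATH instead.
            $onDisk = Test-Path -LiteralPath $image -PathType Leaf
            $onPath = [bool](Get-Command $image -CommandType Application -ErrorAction SilentlyContinue)
            if (-not ($onDisk -or $onPath)) {
                [pscustomobject]@{
                    Key       = $key
                    Entry     = $name
                    ImagePath = $image
                    Command   = $command
                }
            }
        }
    }
}

Get-OrphanedRunEntry | Format-List
```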



